1.4.0 / 2021-08-18
2e9ec19
This commit was signed with the committer’s verified signature.
flavorjones
Mike Dalessio
1.4.0 / 2021-08-18
-
Processing Instructions are no longer allowed by Rails::Html::PermitScrubber
Previously, a PI with a name (or "target") matching an allowed tag name was not scrubbed. There
are no known security issues associated with these PIs, but similar to comments it's preferred to
omit these nodes when possible from sanitized output.Fixes #115.
Mike Dalessio